Colorado’s AI Law Still Stands After Update Effort Fails
On May 13, 2025, it was reported that Colorado’s pioneering law reflecting important goals of fairness and transparency in AI use remains intact after attempts to amend it fell short. The failure to adopt Senate Bill 25-318 (SB318) leaves employers grappling with significant compliance uncertainty.
Colorado made history in 2024 as the first state in the U.S. to enact comprehensive regulation of artificial intelligence through Senate Bill 24-205 (SB205), known as the Colorado Artificial Intelligence Act (CAIA). This act established detailed compliance obligations for developers and users of “high-risk” AI systems across various sectors, including employment, housing, finance, health care, education, and essential government services.
The CAIA aimed to tackle concerns regarding algorithmic discrimination, mandating transparency, risk assessments, consumer disclosures, and risk mitigation by February 1, 2026. While the law was perceived as a groundbreaking initiative, it also raised concerns about its complexity and potential negative impacts on innovation.
Governor Polis’ Reluctant Endorsement and Call for Change
Governor Jared Polis signed SB205 into law with notable hesitation, emphasizing in his signing statement that the law introduces a “complex compliance regime” that could hinder innovation and deter competition by imposing heavy burdens on developers. He urged for federal regulation to avoid a fragmented state-by-state approach that could stifle technological advancement.
Polis pointed out a unique concern regarding the CAIA’s deviation from traditional discrimination frameworks, which prohibits all discriminatory outcomes from AI systems, irrespective of intent. He encouraged Colorado lawmakers to reconsider this standard before the law’s 2026 effective date.
In a rare public letter co-signed by Polis, Attorney General Phil Weiser, and Senate Majority Leader Robert Rodriguez, state leaders acknowledged the risks associated with the CAIA’s broad definitions and disclosure requirements. They committed to minimizing unintended consequences while encouraging future refinements to protect innovation and ensure fairness.
SB25-318: A Measured Response That Fell Short
In 2025, legislators introduced SB318 as an effort to refine SB205. This proposed bill aimed to amend the definition of algorithmic discrimination, exempt small businesses and open-source AI developers, clarify appeal rights, and ease requirements for companies using AI for recruitment and hiring.
Attorney General Phil Weiser, while testifying before the Senate Business, Labor, and Technology Committee, cautioned against moving too quickly in this complex area and recommended delaying the law’s implementation by a year. Despite broad support, SB318 ultimately failed to gain consensus and was postponed indefinitely due to a lack of agreement.
Potential Relief for Employers Using Background Checks
Despite its challenges, the CAIA offers several safeguards for employers and background screening companies. Notably, enforcement authority lies exclusively with the Colorado Attorney General, which spares businesses from the litigation risks associated with many new regulatory frameworks. Additionally, the law allows companies to assert an affirmative defense by demonstrating they have identified and remedied violations through internal processes.
The act distinguishes between AI systems that serve as the primary basis for significant decisions and those that do not, suggesting that traditional background screening tools, which typically involve human review, may fall outside the law’s most rigorous obligations.
Compliance Concerns for Employers and Consumer Reporting Agencies
Employers and consumer reporting agencies must remain vigilant regarding several compliance risks under the CAIA. The broad definition of an artificial intelligence system could inadvertently encompass traditional automation tools and adjudication technologies not typically associated with adaptive learning or bias.
Moreover, the definition of high-risk AI systems raises concerns. Any AI system significantly influencing employment decisions could be classified as high-risk, compelling employers to evaluate the extent of human oversight in their processes.
Compliance burdens could also arise from the law’s consumer disclosure requirements. Employers must inform individuals when AI significantly influences a consequential decision and clarify the system’s role in the decision-making process. Meeting these obligations may depend on AI vendors providing necessary technical disclosures.
Furthermore, recordkeeping requirements mandate that companies retain documentation of impact assessments and risk management policies for at least three years post-deployment of a high-risk system, creating additional administrative burdens.
Conclusion
While Colorado’s pioneering law aims for fairness and transparency in AI, the failure to pass SB318 leaves employers facing substantial compliance challenges. The broad scope of the original law risks including low-risk technologies, potentially stifling innovation in hiring, screening, and HR technology.
Employers utilizing AI must proactively review their risk management practices, ensure meaningful human oversight in decision-making, and prepare comprehensive disclosures ahead of the February 1, 2026 deadline. Colorado’s experience serves as a crucial case study in navigating the complexities of AI regulation and the balance between fostering innovation and protecting consumers.
